Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-19860


Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.


Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.8, indicating it requires adjacent network access with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 126 products from broadcom, from broadcom, from broadcom and 123 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.


Published

2019-06-07T17:29:00.740

Last Modified

2026-06-17T01:50:00.817

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

6.5

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-732

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System broadcom bcm4335c0_firmware 2012-12-11 Yes
Hardware broadcom bcm4335c0 - No
Operating System broadcom bcm43438a1_firmware 2014-06-02 Yes
Hardware broadcom bcm43438a1 - No
Operating System cypress cyw20702a1kwfbg_firmware - Yes
Hardware cypress cyw20702a1kwfbg - No
Operating System cypress cyw20702a1kwfbgt_firmware - Yes
Hardware cypress cyw20702a1kwfbgt - No
Operating System cypress cyw20702b0kwfbg_firmware - Yes
Hardware cypress cyw20702b0kwfbg - No
Operating System cypress cyw20702b0kwfbgt_firmware - Yes
Hardware cypress cyw20702b0kwfbgt - No
Operating System cypress cyw20703ua1kffb1g_firmware - Yes
Hardware cypress cyw20703ua1kffb1g - No
Operating System cypress cyw20703ua1kffb1gt_firmware - Yes
Hardware cypress cyw20703ua1kffb1gt - No
Operating System cypress cyw20704ua1kffb1g_firmware - Yes
Hardware cypress cyw20704ua1kffb1g - No
Operating System cypress cyw20704ua1kffb1gt_firmware - Yes
Hardware cypress cyw20704ua1kffb1gt - No
Operating System cypress cyw20704ua2kffb1g_firmware - Yes
Hardware cypress cyw20704ua2kffb1g - No
Operating System cypress cyw20704ua2kffb1gt_firmware - Yes
Hardware cypress cyw20704ua2kffb1gt - No
Operating System cypress cyw20705a1kwfbgt_firmware - Yes
Hardware cypress cyw20705a1kwfbgt - No
Operating System cypress cyw20705b0kwfbg_firmware - Yes
Hardware cypress cyw20705b0kwfbg - No
Operating System cypress cyw20705b0kwfbgt_firmware - Yes
Hardware cypress cyw20705b0kwfbgt - No
Operating System cypress cyw20706ua1kffb1g_firmware - Yes
Hardware cypress cyw20706ua1kffb1g - No
Operating System cypress cyw20706ua1kffb1gt_firmware - Yes
Hardware cypress cyw20706ua1kffb1gt - No
Operating System cypress cyw20706ua1kffb4g_firmware - Yes
Hardware cypress cyw20706ua1kffb4g - No
Operating System cypress cyw20706ua2kffb4g_firmware - Yes
Hardware cypress cyw20706ua2kffb4g - No
Operating System cypress cyw20706ua2kffb4gt_firmware - Yes
Hardware cypress cyw20706ua2kffb4gt - No
Operating System cypress cyw20707a2kubgt_firmware - Yes
Hardware cypress cyw20707a2kubgt - No
Operating System cypress cyw20707ua1kffb1g_firmware - Yes
Hardware cypress cyw20707ua1kffb1g - No
Operating System cypress cyw20707ua1kffb4g_firmware - Yes
Hardware cypress cyw20707ua1kffb4g - No
Operating System cypress cyw20707ua1kffb4gt_firmware - Yes
Hardware cypress cyw20707ua1kffb4gt - No
Operating System cypress cyw20707ua2kffb4g_firmware - Yes
Hardware cypress cyw20707ua2kffb4g - No
Operating System cypress cyw20707ua2kffb4gt_firmware - Yes
Hardware cypress cyw20707ua2kffb4gt - No
Operating System cypress cyw20707va1pkwbgt_firmware - Yes
Hardware cypress cyw20707va1pkwbgt - No
Operating System cypress cyw20707va2pkwbgt_firmware - Yes
Hardware cypress cyw20707va2pkwbgt - No
Operating System cypress cyw20730a1kfbg_firmware - Yes
Hardware cypress cyw20730a1kfbg - No
Operating System cypress cyw20730a1kfbgt_firmware - Yes
Hardware cypress cyw20730a1kfbgt - No
Operating System cypress cyw20730a1kml2g_firmware - Yes
Hardware cypress cyw20730a1kml2g - No
Operating System cypress cyw20730a1kml2gt_firmware - Yes
Hardware cypress cyw20730a1kml2gt - No
Operating System cypress cyw20730a1kmlg_firmware - Yes
Hardware cypress cyw20730a1kmlg - No
Operating System cypress cyw20730a1kmlgt_firmware - Yes
Hardware cypress cyw20730a1kmlgt - No
Operating System cypress cyw20730a2kfbg_firmware - Yes
Hardware cypress cyw20730a2kfbg - No
Operating System cypress cyw20730a2kfbgt_firmware - Yes
Hardware cypress cyw20730a2kfbgt - No
Operating System cypress cyw20730a2kml2g_firmware - Yes
Hardware cypress cyw20730a2kml2g - No
Operating System cypress cyw20730a2kml2gt_firmware - Yes
Hardware cypress cyw20730a2kml2gt - No
Operating System cypress cyw20733a1kfb1gt_firmware - Yes
Hardware cypress cyw20733a1kfb1gt - No
Operating System cypress cyw20733a2kfb1g_firmware - Yes
Hardware cypress cyw20733a2kfb1g - No
Operating System cypress cyw20733a2kfb1gt_firmware - Yes
Hardware cypress cyw20733a2kfb1gt - No
Operating System cypress cyw20733a2kml1g_firmware - Yes
Hardware cypress cyw20733a2kml1g - No
Operating System cypress cyw20733a2kml1gt_firmware - Yes
Hardware cypress cyw20733a2kml1gt - No
Operating System cypress cyw20733a3kfb1g_firmware - Yes
Hardware cypress cyw20733a3kfb1g - No
Operating System cypress cyw20733a3kfb1gt_firmware - Yes
Hardware cypress cyw20733a3kfb1gt - No
Operating System cypress cyw20733a3kfb2gt_firmware - Yes
Hardware cypress cyw20733a3kfb2gt - No
Operating System cypress cyw20733a3kml1g_firmware - Yes
Hardware cypress cyw20733a3kml1g - No
Operating System cypress cyw20733a3kml1gt_firmware - Yes
Hardware cypress cyw20733a3kml1gt - No
Operating System cypress cyw20734ua1kffb3g_firmware - Yes
Hardware cypress cyw20734ua1kffb3g - No
Operating System cypress cyw20734ua1kffb3gt_firmware - Yes
Hardware cypress cyw20734ua1kffb3gt - No
Operating System cypress cyw20734ua2kffb3g_firmware - Yes
Hardware cypress cyw20734ua2kffb3g - No
Operating System cypress cyw20734ua2kffb3gt_firmware - Yes
Hardware cypress cyw20734ua2kffb3gt - No
Operating System cypress cyw43438kubgt_firmware - Yes
Hardware cypress cyw43438kubgt - No
Operating System cypress cyw4343w1kubgt_firmware - Yes
Hardware cypress cyw4343w1kubgt - No
Operating System cypress cyw4343wkubgt_firmware - Yes
Hardware cypress cyw4343wkubgt - No
Operating System cypress cyw4343wkwbgt_firmware - Yes
Hardware cypress cyw4343wkwbgt - No
Operating System cypress cyw4354kkwbgt_firmware - Yes
Hardware cypress cyw4354kkwbgt - No
Operating System cypress cyw4354xkubgt_firmware - Yes
Hardware cypress cyw4354xkubgt - No
Operating System cypress cyw89071a1cubxgt_firmware - Yes
Hardware cypress cyw89071a1cubxgt - No
Operating System cypress cyw89072brfb5g_firmware - Yes
Hardware cypress cyw89072brfb5g - No
Operating System cypress cyw89072brfb5gt_firmware - Yes
Hardware cypress cyw89072brfb5gt - No
Operating System cypress cyw89335l2cubgt_firmware - Yes
Hardware cypress cyw89335l2cubgt - No
Operating System cypress cyw89335lcubgt_firmware - Yes
Hardware cypress cyw89335lcubgt - No

References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For broadcom's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.